- Event data injections are hard to identify and block in a serverless architecture.
- Broken authentication is a big risk. There are hundreds of distinct functions, triggers & events that you must provide with the right access control and protection.
- The high degree of settings customization offered in serverless can lead to insecure deployment configurations. Make functions stateless at the design stage to avoid exposing sensitive data.
- Over-privileged functions are huge security risks.
- Poor function monitoring and logging. Collect real-time logs from serverless functions and services, and push them to a remote SIEM system.
- Third-party dependencies on web services (through API calls), software packages and open-source libraries.